QESaaS ("QESaaS," "we," "us," or "our") is an independent quality engineering practice. We provide professional services — Pre-Launch QA Audits, Expert Witness retainers, FDA 483 / Warning Letter response packages, and ISO 13485 / 9001 audit prep — to consumer product brands, medical device firms, quality directors, and litigation teams.
This Privacy Policy explains how we collect, use, and protect personal information in connection with: (a) visits to qesaas.com, (b) inquiries submitted through our contact form or email, and (c) professional engagements with our clients. By using this site or contacting us, you agree to the practices described below.
This site does not host an app, does not require an account, and does not process consumer subscriptions. The RecallSentry™ consumer mobile app has its own separate privacy policy at recallsentry.com.
Inquiry Information. When you contact us through the website form or by email, we collect the information you choose to send: name, email address, company or firm name (where provided), the service you're inquiring about, and the contents of your message.
Engagement Information. If we accept an engagement, we collect information necessary to perform the work — for example, product specifications, supplier documentation, photographs, design files, complaint data, regulatory correspondence (such as FDA 483 observations or Warning Letters), QMS documents, and case materials. The specific information collected depends on the service.
Conflict-Check Information (Expert Witness Inquiries). For litigation engagements, we collect the case caption, parties involved, and the side you represent in order to clear conflicts before any substantive discussion.
Billing Information. Names and addresses needed to issue invoices and process payment. Payment is processed by third-party payment processors (such as Stripe or QuickBooks Payments); QESaaS does not store full payment-card numbers on its own systems.
Server Logs. Our website host records standard server log information for each request: IP address, user-agent string, page requested, referrer, and timestamp. This is used for site reliability, diagnostics, and security monitoring.
Cookies & Web Analytics. See Section 6 below.
We do not use engagement materials to train AI models that are accessible to other clients, and we do not publish engagement materials as case studies or marketing content without written consent from the client.
Engagement materials — product specs, supplier documents, design files, QMS records, FDA correspondence, case materials, and any other information shared in connection with a paid engagement — are treated as the client's confidential information.
✅ We do NOT sell personal information or engagement materials.
We share information only as needed to operate the practice and deliver engagements:
| Recipient | Purpose | Information Shared |
|---|---|---|
| Website host / domain registrar | Hosting qesaas.com and routing email | Server logs; email-in-transit metadata |
| Email provider (e.g., Google Workspace) | Sending and receiving business email | Email content and metadata |
| Payment processor (e.g., Stripe, QuickBooks Payments) | Invoicing and payment processing | Name, billing address, invoice amount; card data handled by processor |
| Accounting / bookkeeping software | Tax records and financial reporting | Invoice and payment records |
| Subcontracted experts (only when authorized) | Engagement support requiring an additional credentialed engineer | Engagement materials specifically authorized by the client in writing |
We may also disclose information when required to do so by law (court orders, subpoenas, governmental requests), to enforce our engagement terms, to protect against fraud, or in connection with a business transfer (sale, merger, or assignment of the practice).
The site uses minimal first-party cookies necessary for navigation. We may use a privacy-respecting web analytics tool to count page visits and understand which pages are most useful — analytics data is aggregated and does not identify individual visitors. We do not use behavioral advertising trackers and we do not sell visitor data.
You may block or delete cookies using your browser settings. Doing so should not affect your ability to read site content or contact us.
No system is perfectly secure. While we use reasonable safeguards, we cannot guarantee absolute security against every possible attack.
| Information | Retention Period |
|---|---|
| Inquiries that did not become engagements | 24 months, then deleted |
| Engagement materials (active engagement) | For the duration of the engagement |
| Engagement deliverables and working files | Up to 7 years after engagement closure (professional record-keeping) |
| Expert-witness case files | Per case-specific litigation hold or until matter is fully concluded plus applicable appeal periods |
| Invoices, payments, and accounting records | 7 years (tax record-keeping) |
| Server logs | 90 days |
| Email correspondence | Subject to provider defaults; cleaned periodically |
Retention may be extended where required by law, regulation, professional standards, or active or anticipated litigation.
Subject to applicable law, you have the right to:
To exercise these rights, email [email protected]. We aim to respond within 30 days.
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including:
Categories of personal information we may collect: identifiers (name, email, IP address); commercial information (engagement / billing records); professional information (firm/company name, role); internet activity (server logs); and inferences drawn from those categories. QESaaS does not collect biometric, geolocation, or sensitive personal information beyond what is voluntarily included in an inquiry or engagement.
Residents of states with comprehensive consumer privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA), among others — have rights to access, correct, and delete personal information; to obtain a portable copy where applicable; to opt out of targeted advertising (not applicable — we do not engage in targeted advertising); and to opt out of the sale of personal information (not applicable — we do not sell data). To exercise these rights, email [email protected].
The QESaaS website and our engagements are directed at businesses, professionals, and litigation teams — not children. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided personal information through this site, please contact [email protected] and we will delete it.
QESaaS is a U.S. practice and our services are intended for U.S. clients and U.S. regulatory matters. If you access this site from outside the United States, please be aware that information you submit will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction. By contacting us, you consent to that transfer.
The site may link to external sites — for example, government recall databases (CPSC, FDA, USDA, NHTSA), the RecallSentry™ consumer app site, or referenced reference materials. QESaaS is not responsible for the content or privacy practices of those third-party sites. Please review their own privacy policies before submitting information.
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last Updated" date at the top of this page. For active engagements, material changes affecting how engagement materials are handled will be communicated by email.
General privacy questions: [email protected]
Engagement-specific questions: [email protected]
Mailing Address:
QESaaS
Atlanta, GA · United States
Website: https://qesaas.com